From patchwork Fri May 26 14:48:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brian Haley X-Patchwork-Id: 1786577 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=QCsjTL4L; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QSSTh71qqz20Pb for ; Sat, 27 May 2023 00:48:24 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 6B5634094D; Fri, 26 May 2023 14:48:22 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 6B5634094D Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=QCsjTL4L X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tSzHb752_Evb; Fri, 26 May 2023 14:48:21 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id F03A14091F; Fri, 26 May 2023 14:48:19 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org F03A14091F Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C62F5C0036; Fri, 26 May 2023 14:48:19 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 065B7C002A for ; Fri, 26 May 2023 14:48:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 29BDD40910 for ; Fri, 26 May 2023 14:48:14 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 29BDD40910 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ispH7YH0LDOF for ; Fri, 26 May 2023 14:48:12 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org A394E40583 Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) by smtp4.osuosl.org (Postfix) with ESMTPS id A394E40583 for ; Fri, 26 May 2023 14:48:12 +0000 (UTC) Received: by mail-qk1-x72c.google.com with SMTP id af79cd13be357-75b132ad421so112872085a.1 for ; Fri, 26 May 2023 07:48:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685112491; x=1687704491; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=wRfODFwLq8dfCBo+vBt3DA8Xlvf/+aghcnCMzRBzZaM=; b=QCsjTL4LmF0clm7mf1HwDh9uSpUN2COv2aaBKIKfuGVCY4ePRyoJPQ6NCMi8kF5jSo JOrgjIK6mEQ3QwvMIkEcfJZlbEBKDhvm9KkNnJ1Dq6SUj3s+xy9/76dOO5QuJqiw16O/ P+CaxGILaXNwiP+9aUhYHGtJcLQp5l3f1zblu4CbOvbkNPjxlGJ+JGl5NrjJXrIE+Vya PO7Qbr03Zkq9NJBnbXcUav1vXWFmxzasANyEw8qvn+d261uj4c2sGeHNfnKDNAkABAIK DOVEuxEwuH4Bm4FDINFei9es4+k23Wo/CTOik/jKdAEAdr+FVmqpDGtZ0Ya1KRE8wlui yOdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685112491; x=1687704491; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=wRfODFwLq8dfCBo+vBt3DA8Xlvf/+aghcnCMzRBzZaM=; b=geJ2JZlX1UoY1UREyBy98WT86maILkrUpQQNznAVxYRg/NL/OCBbf7Fa47t5Zqt53A BAn9jru5TNKSG+Cjr1SJBzV8qF/CP3Ic0fZJ2zSXnTqydoHiTh1JFnAfXOP3N/xYaKpM kd+gVd5hW5yC2dm0fMiHsvjxTK8IFouy6Th2c3bkYWvixa2XrFbUB0lC9bsmRd97qh02 6fSgfpTiQ65zBc4xx89iPhPqnBqgV3WHUoi6lFJJtORILipKWIaPVza8zT1XjwBxkyqV tcDLgjnBFBKcoth25uy08hAAXXBdYcn8ksejsg1iRErlJSF6vv0vUjJHPWVgVFKEG+Xh wLsQ== X-Gm-Message-State: AC+VfDzNHWh1RqlkEgWfrysoki+4RRtPo2gv4CEbiaghtTpOXbOQBy9M e+Uv1BV4Ho1dMzt0rge5IS32I4xrju4= X-Google-Smtp-Source: ACHHUZ6f2321olct/44FNTwNwsNGpfM/cFC4JPuUhnj/dfS2RoAEv8AbM2KFJxLPAZtxXnTB52fHuw== X-Received: by 2002:a05:620a:684a:b0:75c:b6ad:4f47 with SMTP id ru10-20020a05620a684a00b0075cb6ad4f47mr1840738qkn.32.1685112491230; Fri, 26 May 2023 07:48:11 -0700 (PDT) Received: from localhost.localdomain ([2601:18f:1080:3886::1013]) by smtp.gmail.com with ESMTPSA id o19-20020a05620a111300b0074df51a90b6sm1202189qkk.60.2023.05.26.07.48.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 May 2023 07:48:10 -0700 (PDT) From: Brian Haley To: dev@openvswitch.org Date: Fri, 26 May 2023 10:48:04 -0400 Message-Id: <20230526144804.2341165-1-haleyb.dev@gmail.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Subject: [ovs-dev] [PATCH ovn v4] controller: Ignore DNS queries with RRs X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" DNS queries with optional records (RRs), for example, with cookies for EDNS, are not supported by the OVN resolver. Trying to reply will result in mangled responses that clients do not understand - the ANSWER section will contain an incorrect option. Instead, just return early when one is present, which will trigger a negative response and cause clients to go to the upstream forwarder, hopefully resulting in a successful query. In our testing, the resolver only retries if the response is correctly formatted, which now happens with this change. Reported-at: https://github.com/ovn-org/ovn/issues/192 Reported-by: Nicolas Bock Signed-off-by: Brian Haley --- Changes since v3: - Updated commit message to include reporter info --- Changes since v2: - Updated commit message to be more clear --- Changes since v1: - Added issue #192 to commit message --- controller/pinctrl.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/controller/pinctrl.c b/controller/pinctrl.c index b5df8b1eb..b45b4c747 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -2864,6 +2864,13 @@ pinctrl_handle_dns_lookup( goto exit; } + /* Check if there is an additional record present, which is unsupported */ + if (in_dns_header->arcount) { + VLOG_DBG_RL(&rl, "Received DNS query with additional records, which" + " is unsupported"); + goto exit; + } + struct udp_header *in_udp = dp_packet_l4(pkt_in); size_t udp_len = ntohs(in_udp->udp_len); size_t l4_len = dp_packet_l4_size(pkt_in);